As spotted by @nikcub, Yahoo has included their private key with the Chrome extension. This private certificate will allow other users to sign their applications as Yahoo. I was able to confirm that the file was available inside the extension.

Nik further demonstrates the vulnerability of the leaked mistakenly included private certificate key in a detailed blog post which you can read here. While the extension would not be a problem currently , it would allow other scammers or phishers to pass off rogue extensions as those created by Yahoo or just re-upload the original extension with something rogue.

As a user, you should remove the current extension till Yahoo fixes this problem. To get rid of this problem, Yahoo would need to create a new certificate and sign their extension again and Google would probably have to negate the old certificate while installing extensions.

This is not the first time that such a blunder has happened when news has leaked hours before a release, but this is definitely a very big problem on Yahoo’s part.

I am the editor-in-chief and owner of Techie Buzz. I love coding and have contributed to several open source projects in the past. You can know more about me and my projects by visiting my Personal Website.
I am also a social networking enthusiast and can be found active on twitter, you can follow Keith on twitter @keithdsouza. You can click on my name to visit my Google+ profile.